In developing countries and rural areas, less than 10% of the population may have access to banking services from traditional brick-and-mortar banks. In such areas, a bank may be physically located too far away for a majority of the population to travel to. And even if a bank is nearby, it may be the only bank location in the vicinity of a vast region covering a large number of the population. The brick-and-mortar bank may not have the resources and capacity to adequately support such a large number of customers, resulting in long wait times and inconvenience for the bank's customers. In most developing countries, building additional bank branches and/or installing automated teller machines (ATMs) at various locations are often not a viable solution due to the high costs of the complex infrastructure involved. Even in developed countries where there are more bank branches and ATM locations available, customers may still have limited access to banking services such as services that are not available from ATMs during non-business hours. Furthermore, certain customers such as the elderly or customers with disabilities may still have difficulty getting to the bank branches or ATM locations.
In recent years, the use of mobile devices in developed and developing countries has grown rapidly. As such, one way of providing access to banking services is to enable users of mobile devices to perform mobile banking transactions, such as making mobile payments or money transfers, or checking account balances or performing other account related services, directly from their mobile devices. However, security concerns are often a stumbling block that hinders the wide adoption and growth of mobile banking. Most mobile devices lack the capability to securely send end-to-end encrypted communication. As a result, sensitive information, such as a Personal Identification Numbers (PINs) and Primary Account Numbers (PANs), might be sent in plaintext form, creating a vulnerability in which such sensitive information can be intercepted by malicious parties and be used for fraudulent purposes.
Furthermore, the security vulnerability with mobile banking is not just limited to the potential interception of over the air communications. The interface between a mobile operating network and a payment processing network can also be susceptible to infiltration by malicious parties because the security protocols employed by the two networks are often different, and the identities of the network devices on one network may not always be known to the devices on the other network. As a result, malicious parties can attempt to connect to one network at the interface by pretending to be a device of the other network.
Without a secure, efficient, and cost-way to send and receive communications with mobile devices, mobile banking operators are destined to incur losses or fail to roll out their mobile banking services entirely.
Embodiments of the present invention address these and other problems individually and collectively.